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Top Stories 

• The North Dakota Department of Health reported October 20 that Oasis Petroleum North 
America, LLC was unable to regain control of a well after workers lost control October 17, 
causing tens of thousands of gallons of oil and saltwater to spill. - KXMC 13 Minot; 
Associated Press (See item 1) 

• Over 2,000 people were evacuated October 19 from a Smithfield Packing Plant in North 
Carolina after part of the ceiling fell into the building. - WECT 6 Wilmington (See item 12) 

• Colorado-based Good Food Concepts issued a voluntary recall for about 12,566 pounds of 
beef, pork, and poultry products October 18 due to misbranding and production without 
thorough analysis and control. - U.S. Department of Agriculture (See item 14) 

• U.S. officials announced October 19 that Millennium Health agreed to pay $256 million to 
resolve allegations that the company billed health care programs for unnecessary urine and 
drug testing, among other charges. - U.S. Department of Justice (See item 16) 
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Energy Sector 



1. October 20, KXMC 13 Minot; Associated Press - (North Dakota) Oil, brine spill in 
ND after workers lose control of well. The North Dakota Department of Health 
reported October 20 that Oasis Petroleum North America, LLC has been unable to 
regain control of a well in Mountrail County after workers lost control of the well 
October 17, causing tens of thousands of gallons of saltwater and oil to spill. Crews 
were able to recover 73,920 gallons of oil and 84,000 gallons of saltwater by October 
18, and are continuing efforts to remove the fluids from the well site. 

Source: http://www.wdav.com/news/3864585-oil-brine-spill-nd-after-workers-lose- 
control-well 

2. October 19, Associated Press; Knoxville News Sentinel - (National) New federal coal 
ash regulations going into effect. Utilities are required to control coal ash that is 
blown by wind and routinely inspect coal ash ponds and landfills in new Federal 
regulations that went into effect October 19. The regulations were prompted by a 2008 
environmental disaster caused by the release of 5.4 million cubic yards of sludge from a 
storage pond at the Tennessee Valley Authorities’ Kingston Fossil Plant that damaged 
homes, polluted the Emory River, and required a $1 billion clean up. 

Source: http://www.wrcbtv.com/story/30294711/new-federal-coal-ash-regulations- 
going-into-effect 

Chemical Industry Sector 

3. October 19, Salinas Californian - (California) 20 salad workers hospitalized in 
chemical spill. Officials reported October 19 that a chemical spill at a Taylor Farms 
processing plant sent 20 employees to area hospitals October 15 after a worker reported 
“a strong smell of chlorine” at its Tracy, California facility. The cause of the spill was 
attributed to mixing acetic acid and chlorine. 

Source: http://www.thecalifornian.com/storv/news/mv-planet/2015/10/19/salad- 
workers-hospitalized-chemical-spill/74244700/ 

Nuclear Reactors, Materials, and Waste Sector 

Nothing to report 

Critical Manufacturing Sector 

Nothing to report 

Defense Industrial Base Sector 

Nothing to report 

Financial Services Sector 

4. October 20, Cranston Patch - (Rhode Island) “Ponytail Bandit” pleads guilty to 
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bank robbery spree. The suspect believed to be the “Ponytail Bandit” pleaded guilty 
October 16 to charges connected to 4 Providence and Cranston Citizen’s and Sovereign 
bank branch robberies in February 2013. 

Source: http://patch.com/rhode-island/cranston/ponytail-bandit-pleads-guilty-bank- 
robbery-spree-0 

5. October 19, Reuters - (National) UBS to pay $17.5 min in SEC settlement over 
fund’s strategy change. U.S. Securities and Exchange Commission officials 
announced October 19 that UBS AG agreed to pay $17.5 million to settle allegations 
that UBS Willow Management, a joint venture between UBS Fund Advisor and Bond 
Street Capital, failed to notify investors of a shift to investing in credit default swaps in 
2008 - 2009, leading to significant losses that eventually led to the UBS Willow Fund 
LLC’s liquidation in 2012. 

Source: http://www.reuters.com/article/2015/10/19/ubs-ag-sec-settlement- 
idUSLlN12JlPG20151019 

Transportation Systems Sector 

6. October 20, KTRK 13 Houston - (Texas) Overturned concrete mixer shuts down 59 
Southwest Freeways at Williams Way. All outbound lanes of 59 Southwest Freeway 
were shut down at Williams Way in Sugar Land, Texas, for several hours October 20 
after a semi-truck hauling cement overturned and spilled its load onto the freeway. 
Source: http://abcl3.com/traffic/overtumed-concrete-mixer-shuts-down-southwest- 
freeway/ 104 1847/ 

7. October 19, Fox News - (National) Feds to require drone registration after close 
calls. The U.S. Government announced October 19 that registration of drone aircraft 
will be required for all buyers, including consumers and hobbyists, to address the 
growing number of reported close calls and incidents that pose safety risks. The Federal 
Aviation Administration and the U.S. Department of Transportation are setting up a 25- 
to-30-member task force, including government and industry officials and hobbyists, 
which will recommend which drones should be required to register and which should 
be exempt. 

Source: http://www.foxnews.com/politics/2Q15/10/19/faa-to-announce-drone- 
regulations/ 

8. October 19, Los Angeles Times - (California) Southwest flight makes emergency 
landing at LAX after passenger ‘choked’ woman. A Southwest Airlines flight 
headed to San Francisco turned around and made an emergency landing in Los Angeles 
October 18 due to a physical altercation by one passenger against another. Law 
enforcement removed 1 passenger upon landing while the remaining 136 passengers 
continued their journey. 

Source: http://www.latimes.com/local/lanow/la-me-ln-southwest-passenger-attack- 
20151019-story.html 

9. October 19, Miami Herald - (Florida) Man struck and killed by Amtrak train; Tri- 
Rail commuters should expect delays. A man trespassing on tracks south of the 
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Golden Glades Tri-Rail station was struck and killed by an Amtrak train October 19, 
causing significant delays for Tri-Rail trains while officials investigated the incident. 
Source: http://www.miamiherald.com/news/local/community/miami- 



dade/article40249626.html 



10. October 19, WTOP 103.5 FM Washington D.C. - (Virginia) All lanes of Richmond 
Highway reopen. All lanes of U.S.l /Richmond Highway south of Alexandria, 
Virginia, reopened October 19 after being shut down for several hours while crews 
replaced a downed power pole. 

Source: http://wtop.com/fairfax-countv/2015/10/richmond-highwav-may-be-closed- 
into-aftemoon/slide/ 1 / 



Food and Agriculture Sector 

11. October 20, San Jose Mercury News - (California) San Jose restaurant closed after 
outbreak of food poisoning. The Santa Clara County Public Health Department closed 
the Mariscos San Juan restaurant October 18 after receiving reports that 30 patrons 
became ill, 1 1 of which were sent to intensive care units for Shigella. Officials advised 
customers who ate at the restaurant to see a doctor. 

Source: http://www.mercurvnews.com/crime-courts/ci 28994650/san-jose-restaurant- 
closed-after-outbreak- food-poisoning 

12. October 20, WECT 6 Wilmington - (North Carolina) Smithfield Packing plant 
evacuated after part of ceiling collapses. A Bladen County official reported October 
19 that over 2,000 people were evacuated from the Smithfield Packing Plant after part 
of the ceiling fell from its Tar Heel, North Carolina facility, causing the plant to stop its 
production for an indeterminate amount of time. No injuries were reported and 
Smithfield Foods is working to fix the roof. 

Source: http://wncn.com/2015/10/19/smithfield-packing-plant-evacuated-after-part-of- 
ceiling-collapses/ 

13. October 19, U.S. Department of Labor - (Michigan) OSHA cites US Fish and 
Wildlife Service for serious, repeated violations at Pendills Creek National Fish 
Hatchery. The Occupational Safety and Health Administration issued notices of unsafe 
and unhealthy working conditions to the U.S. Fish and Wildlife Service October 6 
including 11 serious, 1 repeated and 1 other-than-serious violation following an 
inspection that revealed employees at Pendills Creek National Fish Hatchery faced 
atmospheric, water, amputation, and asbestos hazards while working in tanks and pits 
at its Brimley Fish Hatchery facility. 

Source: 

https://www.osha.gov/pls/oshaweb/owadisp.show document?p table=NEWS RELEA 
SES&p id=28920 

14. October 18, U.S. Department of Agriculture - (Colorado; New Mexico) Good Food 
concepts recalls beef, pork, and poultry products produced without a fully 
implemented HACCP plan, and misbranded. Colorado Springs-based Good Food 
Concepts issued a voluntary recall for approximately 12,566 pounds of beef, pork, and 
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poultry products October 18 after a food safety assessment revealed the products were 
produced without a fully implemented Hazard Analysis and Critical Control Points plan 
and were misbranded to include undeclared sodium nitrite. The items were produced 
from October 16, 2014 - October 16, 2015 and shipped to retail locations in Colorado 
and New Mexico. 

Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health- 
alerts/recall-case-archive/archive/201 5/recall- 127-201 5-release 



Water and Wastewater Systems Sector 

15. October 20, KTVI 2 St. Louis - (Missouri) 90,000 gallons of sewage spills into River 
des Peres. The Metropolitan St. Louis Sewer District reported that crews discovered a 
blocked sewer main that caused an estimated 90,000 gallons of sewage to enter the 
River des Peres in St. Louis October 19. Officials issued a water advisory for more than 
a mile-long stretch of the River des Peres. 

Source: http://fox2now.com/2015/10/20/sewerage-discharged-into-river-des-peres/ 

For another story, see item 1 

Healthcare and Public Health Sector 

16. October 19, U.S. Department of Justice - (National) Millennium Health agrees to pay 
$256 million to resolve allegations of unnecessary drug and genetic testing and 
illegal remuneration to physicians. The U.S. Department of Justice announced 
October 19 that Millennium Health agreed to pay $256 million in a settlement resolving 
alleged violations of the False Claims Act after officials reportedly found that the 
company falsely billed Medicare, Medicaid, and other Federal health care programs for 
medically unnecessary urine drug and genetic testing, in addition to providing 
physicians with free items for referring laboratory testing to the company between 2008 
and 2015. The company also entered into a corporate integrity agreement (CIA) with 
the U.S. Department of Health and Human Services-Office of Inspector General as part 
of the settlement terms. 

Source: http://www.iustice.gov/opa/pr/millennium-health-agrees-pay-256-million- 
resolve-allegations-unnecessary-drug-and-genetic 

Government Facilities Sector 

17. October 19, KATC 3 Lafayette - (Louisiana) School bus overturns on Bourque Road 
near Johnston Street. Ten L. Leo Elementary School students were transported to an 
area hospital with injuries October 19 after a failure on their school bus caused the bus 
to slide and overturn on Bourque Road in Lafayette Parish. 

Source: http://www.katc.com/storv/30299843/school-bus-overtums-on-bourque-road- 
near-johnston-street 

Emergency Services Sector 

18. October 19, CNN - (Ohio) Ohio delays executions until 2017. The Ohio Department 
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of Rehabilitation and Correction announced October 19 that all scheduled executions of 
about a dozen inmates will be delayed until 2017 due to difficulties obtaining the drugs 
necessary to carry out the court ordered executions. Officials stated that the delay is a 
result of supply and distribution restrictions. 

Source: http ://www .cnn.com/20 15/10/1 9/us/ohio-executions-delay/ 

Information Technology Sector 

19. October 20, Securityweek - (International) Vulnerabilities found in HP ArcSight 
products. HP began releasing security updates addressing vulnerabilities in HP’s 
ArcSight products, including an authentication bypass flaw in the ArcSight Logger 
interface in which a remote authenticated user without permissions could conduct 
searches through the Simple Object Access Protocol (SOAP) interface, improper 
restriction of excessive authentication attempts which could allow brute force attacks 
on the SOAP interface, and an insufficient compartmentalization vulnerability which 
could allow a user to escalate privileges to root. 

Source: http://www.securityweek.com/vulnerabilities-found-hp-arcsight-products 

20. October 20, Softpedia - (International) Malware disguises as Google Chrome 
browser clone. Security researchers from PCRisk and Malwarebytes discovered a new 
Web browser designed to mimic Google Chrome called eFast, which delivers adware 
and malware and hijacks file and Uniform Resource Locator (URL) associations on 
infected systems. The application is based on the Chromium open source browser. 
Source: http://news.softpedia.com/news/malware-disguises-as-a-google-chrome- 
browser-clone-494906.shtml 

21. October 20, Help Net Security - (International) 250+ iOS apps offered on Apple’s 
App Store found slurping user data. Security researchers from SourceDNA and 
Purdue University discovered that over 250 Apple App Store applications are built on a 
software development kit (SDK) that uses private application program interfaces 
(APIs) to gather user and device information, despite Apple disallowing the practice. 
Apple has removed an unspecified number of apps and Youmi, the China-based mobile 
advertising company that created the SDK is working with the company to resolve the 
issue. 

Source: http://www.net-securitv.org/secworld.php?id=19001 

22. October 20, Help Net Security - (International) A slew of LTE 4G vulnerabilities 
endanger Android users and mobile carriers. Researchers from Carnegie Mellon 
University’s Computer Emergency Response Team Coordination Center reported that 
carriers and users of Long-Term Evolution (LTE 4G) devices are vulnerable to issues 
that may result in loss of privacy, data spoofing, incorrect billing, and denial-of-service 
(DoS) attacks due to LTE networks’ reliance on packet switching and the Internet 
Protocol (IP) schema versus circuit switching used in previous generations. 

Source: http://www.net-securitv.org/secworld.php?id=19000 

23. October 20, Help Net Security - (International) 1 in 4 organizations have experienced 
an APT. ISACA released findings from a study surveying over 660 cybersecurity 
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professionals revealing that about 28 percent of those surveyed have experienced an 
attack from an advanced persistent threat (APT), that mobile device security continues 
to be an issue, and that most organizations tend to focus on technical controls instead of 
education and training when most APT attacks tend to employ social engineering, 
among other findings. 

Source: http://www.net-security.org/secworld.php ?id=l 8998 

24. October 20, The Register - (International) Sites cling to a million flawed, fading 
SHA-1 certificates: Netcraft. Security researchers from Netcraft reported that over a 
million organizations are still using Secure Hash Algorithm 1 (SHA-1) certificates, that 
120,000 were issued this year, and that another 250,000 surveyed are scheduled to live 
past 2017, despite documented weaknesses in the algorithm’s security. 

Source: 

http://www.theregister.co.uk/2015/10/20/sites cling to a million flawed fading shal 
certificates netcraft/ 



25. October 19, SC Magazine - (International) Flaws in LibreSSL could open Web 
servers to attack. Security researchers from Qualys discovered memory leak and 
buffer overflow vulnerabilities in all versions of LibreSSL which could allow attackers 
to create a denial-of-service (DoS) condition or execute arbitrary code. LibreSSL is a 
fork of the Open Secure Sockets Layer (SSL) library intended as a replacement after 
the Heartbleed vulnerability was discovered in Open SSL’s code, and the 
vulnerabilities were reportedly addressed in subsequent updates. 

Source: http://www.scmagazineuk.com/flaws-in-libressl-could-open-web-servers-to- 
attack/article/44797 6/ 



Internet Alert Dashboard 



To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or 
visit their Web site: http://www.us-cert.gov 

Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and 
Analysis Center) Web site: http://www.it-isac.org 



Communications Sector 

See item 22 

Commercial Facilities Sector 

26. October 20, Boston Globe - (Massachusetts) About 40 displaced after Chinatown 
blaze. Boston fire officials reported October 19 that about 40 residents were displaced 
from a Boston apartment and business building and 2 were injured after a fire began in 
an electrical short circuit located in the ceiling of a second-floor bathroom. The fire 
caused an estimated $700,000 in damages. 

Source: https://www.bostonglobe.com/metro/2015/10/19/chinatown-fire-forces- 
evacuate/JfEzo5JayzhqIRyBlECI8I/storv.html 
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27. October 19, KVUE 24 Austin - (Texas) Two of three firefighters injured battling 
fire released from hospital. Dry Creek West Condos in Austin, Texas, sustained 
extensive damage October 18 after a fire destroyed 14 units, injured 3 firefighters, and 
caused $2 million in damages. About 90 firefighters contained the incident and an 
investigation is ongoing to determine the cause of the fire. 

Source: http://www.kvue.com/story/news/local/2015/10/18/apartment-fire-in-central- 
austin/74 173404/ 

28. October 19, Waxahachie Daily Light - (Texas) 2-alarm fire causes hotel evacuation. 
An October 19 fire prompted the evacuation of 35 hotel rooms from a Comfort Inn and 
Suites in Red Oak, Texas October 19 after the fire was reportedly seen in the laundry 
room. Fire crews extinguished the flames and the cause of the fire is under 
investigation. 

Source: http://www.waxahachietx.com/article/20151019/NEWS/151Q19391 

Dams Sector 



29. October 20, Keene Sentinel - (New Hampshire) Swanzey Lake to be lowered this 
week for dam repairs. East Swanzey officials announced that its annual plans to lower 
Swanzey Lake beginning around October 22 will be more extensive, and will include 
intentions to survey the lake’s dam and repair a leak that was discovered in August. 
Source: http://www.sentinelsource.com/swanzey-lake-to-be-lowered-this-week-for- 
dam-repairs/article 2bc49a49-3407-5946-842d-338b660c2bab.html 
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Department of Homeland Security (DHS) 

DHS Daily Open Source Infrastructure Report Contact Information 

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday 
through Friday] summary of open-source published information concerning significant critical 
infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for 10 days on 
the Department of Homeland Security Web site: http://www.dhs.gov/lPDailyReport 

Contact Information 

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS 

Daily Report Team at (703) 942-8590 

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow 

instructions to Get e-mail updates when this information changes . 

Removal from Distribution List: Send mail to support @ govdelivery.com . 



Contact DHS 

To report physical infrastructure incidents or to request information, please contact the National Infrastructure 
Coordinating Center at nicc@hq.dhs.gov or (202) 282-9201. 

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit 
their Web page at www.us-cert. gov . 

Department of Homeland Security Disclaimer 

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform 
personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright 
restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source 
material. 
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